WHAT IS CLAIMED IS: 

1 . A method for providing security, comprising: 

separating a plurality of classes into at least a first trusted class and an 

untrusted class; 

associating privilege information with the first trusted class; and 

controlling access to the first trusted class by the untrusted class or a second 

trusted class based upon the privilege information associated with the first trusted 

class. 
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2. The method of claim 1 further comprising: 

granting the untrusted class or the second trusted class a privilege related to 
the first trusted class based upon a permissive attribute of the privilege information; 
and 

wherein the step of controlling access depends upon the privilege. 

3. The method of claim 1 further comprising: 

refusing to grant the untrusted class or second trusted class a privilege 
related to the first trusted class based upon a permissive attribute of the privilege 
information; and 

wherein controlling access depends upon the privilege. 
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4. The method of claim 2, wherein controlling access further comprises: 
determining if the privilege allows the untrusted class or second trusted class 

to interact with the first trusted class in a predefined manner; and 

permitting the access to the first trusted class in the predefined manner if the 
privilege permits the access. 

5. The method of claim 4 further comprising denying the access to the 
first trusted class in the predefined manner if the access to the first trusted class in 
the predefined manner is contrary to the privilege. 

6. The method of claim 5, wherein the privilege allows at least one of the 
group of creating a subclass of the first trusted class, creating a new instance of the 
first trusted class, allowing the untrusted class or second trusted class to invoke a 
method of the first trusted class, and allowing the untrusted class or second trusted 
class access to trusted data of the first trusted class. 
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7. The method of claim 1 , wherein the step of separating the classes 
further comprises associating a package with the first trusted class. 

8. The method of claim 7, wherein associating the package further 
comprises encapsulating the first trusted class within the package. 
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9. The method of claim 7, wherein the package further comprises: 
a key; 

a package name incorporating the key; 
the privilege information; and 
the first trusted class. 



1 0. The method of claim 1 , wherein the step of separating the classes 
further comprises allocating a separate memory space for the first trusted class and 
the untrusted class. 

1 1 . The method of claim 1 , wherein the privilege information further 
comprises a plurality of permissive attributes. 

12. The method of claim 1 1 , wherein the permissive attributes comprises 
at least one of the group of a subclass attribute, a new instance attribute, a method 
invocation attribute, and a trusted data access attribute. 



13. A method of claim 1 1 further comprising setting the permissive 
attribute to indicate a privilege grant to the untrusted class or second trusted class. 
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14. The method of claim 1 1 , wherein a default for the permissive attribute 
indicates no privilege grant to the untrusted class or second trusted class. 
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1 5. The method of claim 1 , wherein controlling access to the first trusted 
class further comprises: 

detecting when a request for a trusted class operation is made by the 
untrusted class or second trusted class; 

determining that the trusted class operation is authorized based on the 
privilege information associated with the first trusted class; and 

allowing access to the first trusted class according to the trusted class 
operation. 



16. The method of claim 15, wherein the trusted class operation is at least 
one of a group of operations comprising a subclass operation, a new instance 
creation, a method call operation, and a trusted data access operation. 

1 7. A method of claim 1 5, wherein the step of determining further 
comprises determining that the trusted class operation is authorized based on the 
setting for at least one permissive attribute within the privilege information. 
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18. A secure virtual machine instruction processor comprising: 
a first memory space for storing an untrusted class; 
a second memory space for storing a first trusted class; 
a privilege manager for managing privilege information associated with the 
first trusted class; and 
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a controller for controlling access to the first trusted class during a trusted 
class operation, wherein the controller is operative to receive a request for the 
trusted class operation from the untrusted class or a second trusted class and grant 
access to the first trusted class based on at least one permissive attribute within the 
privilege information for the first trusted class. 



19. A processor of claim 18, wherein the request received by the controller 
is one of the group of a subclass attribute, a new instance attribute, a method 
invocation attribute, and a trusted data access attribute. 

20. A processor of claim 18, wherein the controller is further operative to 
permit access to the first trusted class in a predefined manner if the privilege permits 
the access. 



21 . A processor of claim 18, wherein the controller is further operative to 
deny access to the first trusted class in a predefined manner if the privilege is 
contrary to the privilege. 

22. A processor of claim 18, wherein the first trusted class of the second 
memory space is associated with a package. 



LAW OFFICES 

nnegan, Henderson, 
Farabow, Garrett 
8 dunner,llp. 

rAMFORD RESEARCH PARK 

700 HANSEN WAY 
=>ALO ALTO, CALIF. 94304 
6SO-S49-eSOO 



23. A processor of claim 22, wherein associating the package further 
comprises encapsulating the first trusted class within the package. 
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24. A processor of claim 22, wherein the package further comprises: 
a key; 

a package name incorporating the key; 
the privilege information; and 
the first trusted class. 



25. A computer-readable medium on which is stored instructions, which 
when executed perform steps in a method for providing a secure virtual machine, the 
steps comprising: 

separating a plurality of classes into at least a first trusted class and an 
untrusted class; 

associating privilege information with the first trusted class; and 

controlling access to the first trusted class by the untrusted class or a second 

trusted class based upon the privilege information associated with the first trusted 

class. 
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26. The computer-readable medium of claim 25 further comprising: 

refusing to grant the untrusted class or second trusted class a privilege 
related to the first trusted class based upon a permissive attribute of the privilege 
information; and 

wherein the step of controlling access depends upon the privilege. 
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27. The computer-readable medium of claim 25 further comprising: 
granting the untrusted class or second trusted class a privilege related 

to the first trusted class based upon a permissive attribute of the privilege 
information; and 

wherein the step of controlling access depends upon the privilege. 

28. The computer-readable medium of claim 25 further comprising denying 
the access to the first trusted class in the predefined manner if the access to the first 
trusted class in the predefined manner is contrary to the privilege information. 

29. The computer-readable medium of claim 28 wherein the privilege 
information allows at least one of the group of creating a subclass of the first trusted 
class, creating a new instance of the first trusted class, allowing the untrusted class 
or second trusted class to invoke a method of the first trusted class, and allowing the 
untrusted class or second trusted class access to trusted data of the first trusted 
class. 
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